Exploit in Siri provides access to contacts and photos on iPhone 6s – Update

Apr

6

2016

Siri gives an exploit in having to enter attackers access to contacts and photos on an iPhone 6s without the access code. The trick works via 3D touch, so it does not work on other iPhones and iPads.

YouTube user videosdebarraquito posted the first video of the exploit and Tweakers was able to reproduce the bug on the iPhone 6s. On an iPhone 6s Plus, however, the trick did not work. It is unknown whether the bypass works on any iPhone 6s. YouTube user EverythingApplePro let him see two different iPhone 6s instances. The trick works in all cases on the latest iOS version 9.3.1. Or older versions are also vulnerable, is not clear, but it is obvious.

The trick works with Siri on the lockscreen. The attacker asks Siri to search Twitter for tweets with an email address. When Siri displays the tweets, the user presses a legitimate address with 3D Touch. A popup appears to add the address to an existing or new contact. With the option to add it to existing contact, get the attacker access to the contact list. With the option to create a new contact can also find all photos with the option to add a picture to the contact, be viewed. For this to work the trick, Siri must be turned on.

Update, 13:12: This article was originally warning users to have Twitter and it does not work in Dutch. A tweaker, jgsr has been shown that having Twitter is not necessary and that it also works in Dutch.

Update, April 6: An Apple spokesman tells Washington Post that the problem is solved . Users need to download any software update, Apple has probably made a change in the operation of Siri.

Viewing:-127

In: Technology & Gadgets Asked By: [15196 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »